Featured Slideshow

In a Dallas courtroom on Thursday, writer and activist Barrett Brown was sentenced to 63 months in prison and was ordered to pay a little more than $890,000 in restitution and fines, according to reports.

Upcoming Live Events

Be sure to stay tuned for breaking news on our 2015 conference and expo, which promises to deliver even more innovative programming and an enhanced showcase of the latest cyber security solutions you must see.

Target CEO confirms malware on POS machines, talks chip cards

Target CEO confirmed that malware introduced on POS devices provided a way in for cyber thieves.

Target CEO Gregg Steinhafel confirmed in a CNBC interview on Monday that malware introduced on point-of-sale devices is what enabled thieves to steal 40 million cards, CVV numbers and encrypted PIN codes, as well as personally identifiable information (PII) on 70 million shoppers, in a roughly three-week-long data breach.

“We don't know the full extent of what transpired, but what we do know was there was malware installed on our point-of-sale registers,” Steinhafel said. “We removed that malware so that we could provide a safe and secure shopping environment.”

Target has taken other actions to protect its customers too, Steinhafel said, such as taking down 13 phishing sites that were preying on confused shoppers.

Steinhafel said he first learned that a data breach incident had transpired on Dec. 15, 2013, which was a day spent eliminating the malware and ensuring people were safe to shop in all Target locations the following day.

Officials initiated an investigation and began forensic work on Dec. 16, 2013, Steinhafel said, explaining the following day was spent setting up the call center and preparing store employees for customer queries. Target then prepared to notify the public and announced the breach on Dec. 19, 2013.

“We have seen almost no fraudulent activity on our Target REDcard,” Steinhafel said, explaining Target will offer zero liability to customers by paying for any fraudulent charges on cards as a result of the breach. “We have some very low-level activity on the legacy Target Visa card. That's the only place that we've seen anything to this point.”

Looking forward, Steinhafel said that he would like to see Target take a lead role in shifting the U.S. from cards that use vulnerable magnetic strips to cards that contain encrypted chips and follow the EMV global standard for chip cards.

However, it is already an initiative that began gaining momentum in 2011 and is expected to really take off in October 2015, according to Randy Vanderhoof, executive director with the Smart Card Alliance.

Vanderhoof told SCMagazine.com on Monday that chip cards offer a bigger safety benefit because financial information is encrypted on the chip and can only be read when swiped through a card reader, which creates a unique one-time key only for that single transaction.

SC Magazine arms information security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.